Effective online privacy mechanisms with persuasive communication

This thesis contributes to research by taking a social psychological perspective to managing privacy online. The thesis proposes to support the effort to form a mental model that is required to evaluate a context with regards to privacy attitudes or to ease the effort by biasing activation of privacy attitudes. Privacy being a behavioural concept, the human-computer interaction design plays a major role in supporting and contributing to end users’ ability to manage their privacy online. However, unless privacy attitudes are activated or made accessible, end users’ behaviour would not necessarily match their attitudes. This perspective contributes to explaining why online privacy mechanisms have long been found to be in-effective. Privacy academics and practitioners are queried for their opinions on aspects of usable privacy designs. Evaluation of existing privacy mechanisms (social network service, internet browsers privacy tabs and E-Commerce websites) for privacy experts’ requirements reveals that the privacy mechanisms do not provide for the social psychological processes of privacy management. This is determined through communication breakdowns within the interaction design and the lack of privacy disclosure dialectical tension, lack of disclosure context and visibility of privacy means. The thesis taps into established research in social psychology related to the attitude behaviour relationship. It proposes persuasive communication to support the privacy management process that is to enable end user control of their privacy while ensuring typical usability criteria such as minimum effort and ease of use. An experimental user study within an E-Commerce context provides evidence that in the presence of persuasive triggers that support the disclosure and privacy dialectic within a context of disclosure; end users can engage in privacy behaviour that match their privacy concerns. Reminders for privacy actions with a message that is personally relevant or has a privacy argument result in significantly more privacy behaviour than a simple reminder. However, reminders with an attractive source that is not linked with privacy can distract end users from privacy behaviour such that the observed response is similar to the simple reminder. This finding is significant for the research space since it supports the use of persuasive communication within human-computer interaction of privacy designs as a powerful tool in enabling attitude activation and accessibility such that cognitive evaluation of an attitude object can be unleashed and end users can have a higher likelihood of responding with privacy behaviour. It also supports the view that privacy designs that do not consider their interaction with privacy attitudes or their influence on behaviour can turn out to be in-effective although found to support the typical usability criteria. More research into the social-psychological aspects of online privacy management would be beneficial to the research space. Further research could determine the strength of activated or accessed privacy attitude caused by particular persuasive triggers and the extent of privacy behaviour. Longitudinal studies could also be useful to better understand online privacy behaviour and help designs of more effective and usable online privacy

Evaluation of the reliability of using the prototype PPMark - a tool to support the computer human interaction in readings the privacy policies - using the GQM and TAM models.

For the past years, a number of researches have shown that most users do not have a habit of reading privacy policies. This fact may occur due to the time spent on reading these policies technical or even users’ lack of interest. On a previous work, in order to facilitate the presentation of privacy policies from online services, a prototype called PPMark was developed in order to read policy texts and show what kind of data was being collected and to what end are were presented in a privacy label format. The goal of this work is to assess the users’ confidence on the information extracted by this prototype. Given the results, the prototype proved that it is easy to use, it can decrease the time spent on reading policies and that users trust the information extracted, thus facilitating the computer human interaction (user x privacy policies)

Alter ego, state of the art on user profiling: an overview of the most relevant organisational and behavioural aspects regarding User Profiling.

This report gives an overview of the most relevant organisational and\ud behavioural aspects regarding user profiling. It discusses not only the\ud most important aims of user profiling from both an organisation’s as\ud well as a user’s perspective, it will also discuss organisational motives\ud and barriers for user profiling and the most important conditions for\ud the success of user profiling. Finally recommendations are made and\ud suggestions for further research are given

Security awareness and affective feedback:categorical behaviour vs. reported behaviour

A lack of awareness surrounding secure online behaviour can lead to end-users, and their personal details becoming vulnerable to compromise. This paper describes an ongoing research project in the field of usable security, examining the relationship between end-user-security behaviour, and the use of affective feedback to educate end-users. Part of the aforementioned research project considers the link between categorical information users reveal about themselves online, and the information users believe, or report that they have revealed online. The experimental results confirm a disparity between information revealed, and what users think they have revealed, highlighting a deficit in security awareness. Results gained in relation to the affective feedback delivered are mixed, indicating limited short-term impact. Future work seeks to perform a long-term study, with the view that positive behavioural changes may be reflected in the results as end-users become more knowledgeable about security awareness

Interpretable Machine Learning for Privacy-Preserving Pervasive Systems

Our everyday interactions with pervasive systems generate traces that capture various aspects of human behavior and enable machine learning algorithms to extract latent information about users. In this paper, we propose a machine learning interpretability framework that enables users to understand how these generated traces violate their privacy